<?php 
include_once 'checkAuth.php';
include_once __DIR__.'/CommonClass/errorcode.php';

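/**
 * Return one employee's record to an authenticated caller.
 *
 * The caller may read the record when they are the target account themselves
 * or when their own employee status is 'Manager'.
 *
 * @param string $userName   Account name of the caller.
 * @param string $userPass   Caller's password, passed to checkAuthentication().
 * @param string $targetUser Account name whose employee record is requested.
 *
 * @return array Index 0 holds the status code. On success the employee row
 *               follows (numeric keys shifted up by one, column-name keys
 *               unchanged), and the MD5 digest of columns 1-9 is appended at
 *               the next numeric index and under the 'hash' key.
 */
function showEmployeeInfo($userName,$userPass,$targetUser)
{
	$output = array();
	$auth = 0;
	$empID = null;
	$hashMsg = null;
	$conn = null;

	// Every lookup goes through a prepared statement: the account names come
	// from the caller and must never be spliced into the SQL text.
	// Returns a mysqli_result, or false when prepare/bind/execute fails.
	// mysqli_stmt_get_result() requires the mysqlnd driver.
	$runQuery = function ($conn, $sql, $value) {
		$stmt = mysqli_prepare($conn, $sql);
		if (!$stmt) {
			return false;
		}
		$value = (string) $value;
		if (!mysqli_stmt_bind_param($stmt, 's', $value) || !mysqli_stmt_execute($stmt)) {
			mysqli_stmt_close($stmt);
			return false;
		}
		$result = mysqli_stmt_get_result($stmt);
		mysqli_stmt_close($stmt);
		return $result;
	};

	if (checkAuthentication($userName, $userPass) == true) {
		try {
			// NOTE(review): hard-coded root account with an empty password. Move the
			// credentials to configuration and connect as a least-privileged user.
			$conn = mysqli_connect('localhost', 'root', '', 'paradigmshift_dev');

			if (!$conn) {
				$error = ErrorCode::sysError;
			} else {
				$result = $runQuery($conn, "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?", $targetUser);
				$row = $result ? mysqli_fetch_row($result) : null;

				if (!$result) {
					$error = ErrorCode::sysError;
				} elseif (!is_array($row)) {
					// Target account does not exist.
					$error = 300 + ErrorCode::failRead;
				} else {
					// Read the id only after the row is known to exist.
					$empID = $row[0];

					// Strict string comparison: with ==, numeric-looking names such as
					// "1e1" and "10" compare equal and would skip the manager check.
					if ((string) $userName === (string) $targetUser) {
						$auth = 1;
					} else {
						// Caller is someone else: allow only if the caller is a manager.
						$result = $runQuery($conn, "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?", $userName);
						$row = $result ? mysqli_fetch_object($result) : null;
						$managerID = $row ? $row->empID : null;

						$empStatus = null;
						if ($managerID !== null) {
							$result = $runQuery($conn, "SELECT empStatus FROM paradigmshift_dev.employees WHERE empID = ?", $managerID);
							$row = $result ? mysqli_fetch_object($result) : null;
							$empStatus = $row ? $row->empStatus : null;
						}

						// Fail closed: a missing row or a failed query denies access.
						if ($empStatus === 'Manager') {
							$auth = 1;
						} else {
							$error = ErrorCode::authFailRead;
						}
					}
				}

				if ($auth == 1) {
					// NOTE(review): this query names the table "Employees" while the status
					// lookup uses "employees"; confirm which spelling the schema uses.
					$result = $runQuery($conn, "SELECT * FROM Employees WHERE empID = ?", $empID);
					$record = $result ? mysqli_fetch_array($result) : null;

					if (!$result) {
						// Do not fall through to the success path after a failed query.
						$error = ErrorCode::sysError;
					} elseif (!is_array($record)) {
						// Account exists but has no employee row; reported as a failed read.
						$error = 300 + ErrorCode::failRead;
					} else {
						$output = $record;
						$error = ErrorCode::successRead;

						// Digest covers columns 1-9 of the row (column 0 is skipped).
						$msg = '';
						for ($i = 1; $i <= 9; $i++) {
							$msg .= $output[$i];
						}
						// NOTE(review): MD5 is unkeyed, so it detects accidental corruption only;
						// anyone able to alter the payload can recompute it. Kept because
						// consumers may verify this exact digest; use hash_hmac() with a
						// server-side key if tamper detection is the goal.
						$hashMsg = hash('md5', $msg);
					}
				}
			}
		} catch (mysqli_sql_exception $e) {
			// mysqli may be configured to throw instead of returning false.
			$output = array();
			$hashMsg = null;
			$error = ErrorCode::sysError;
		} finally {
			if ($conn) {
				mysqli_close($conn);
			}
		}
	} else {
		$error = ErrorCode::authFailRead;
	}

	// Status code always goes first in the returned array.
	array_unshift($output, $error);
	if ($hashMsg !== null) {
		$output[] = $hashMsg;
		$output['hash'] = $hashMsg;
	}
	return $output;
}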
?>
